Security Feed
  1. Archives

May 15 2025 Malicious NPM package uses Unicode steganography to evade detection

Source

A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. [...]

Posted by Bill Toulas on Thu 15 May 2025 in BleepingComputer.

Tags: Security.

Categories

  1. Ars Technica
  2. AWS Security
  3. BleepingComputer
  4. Brian Krebs
  5. Bruce Schneier
  6. GCP Security
  7. Google Project Zero
  8. The Daily Swig
  9. The Guardian
  10. The Register
  11. Threatpost

Tag cloud

  • Security
  • Uncategorized
  • Security, Identity, & Compliance
  • Biz & IT
  • Security Blog
  • Microsoft
  • Security & Identity
  • Google
  • AI
  • CryptoCurrency
  • Announcements
  • Foundational (100)
  • A Little Sunshine
  • Legal
  • Artificial Intelligence
  • Mobile
  • privacy
  • Apple
  • squid
  • Intermediate (200)
  • Advanced (300)
  • hacking
  • Technical How-to
  • The Coming Storm
  • vulnerabilities

Security Feed. Powered by Pelican and m.css. Code is available on GitLab.